The Security Situation Assessment Study Based On Atom Situation

With the network environment more and more complex, the study of Network security situation awareness (NSSA) is one of the hot research domains in information security. Network security situation not only reflects the status of network security, but also improves the overall public awareness of the network and promotes the network managers to monitor the network security situation. This thesis focuses on the study of network security situation assessment which is a key part of network security situation awareness.First, this paper introduced the research background and the situation of the network security situation assessment, summarized the network security situation assessment standards and the network security situation methods and the related research results of the network security situation assessment model.Second, three vulnerability databases including CNNVD, Snort and CNND are analyzed and extracted. According to the type of atomic situation, the extracted atom situations are subdivided into six classes which are information disclosure situation, denial-of-service situation, data tampering situation, intrusion control situation, the network deceive situation and security circumvention which correspond to the five attributes of CIA security model and authority. In view of the classified result, a multilayer and dimensionality network situation evaluation index set was constructed which includes attribute layer, atomic situation layer, evaluation index layer and index collection layer from top to bottom.Third, the network security situation assessment algorithm based on comprehensive information theory is proposed. Here syntactic information will be used to explain the occurring probability of atomic situation, semantic information is to express the implication of atomic situation and pragmatic information is to represent the threat level of atomic situation. A hierarchical assessment process which is made up of atomic situation, attribute situation, host situation and network situation is established. Then the theory of self-information entropy is adopted to compute the occurring probability of atomic situation and the weighted sum method is used to compute the each layer situation and analytic hierarchy process (AHP) method is utilized to determine the weighted value of evaluation factors.At last, on the basis of the proposed assessment method and process, the real network environment data is being tested. The compute process of each layer security situation and weighted value determining method were emphasized in this paper.